Apache: Difference between revisions
mNo edit summary |
m (→FAQ) |
||
(8 intermediate revisions by the same user not shown) | |||
Line 67: | Line 67: | ||
=HOWTO= | |||
==Log SSL protocols== | |||
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | |||
= FAQ = | = FAQ = | ||
==Modules== | |||
== Enable module == | |||
===On Debian=== | |||
a2enmod | |||
===On RedHat=== | |||
== | === List active modules=== | ||
apachectl -t -D DUMP_MODULES | |||
==Enable HSTS== | |||
a2enmod headers | |||
and in config | |||
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" | |||
== [core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex == | == [core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex == | ||
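Review bot: The Enable HSTS entry gives `Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"` with only "and in config" as placement. Say that it belongs in the HTTPS virtual host, since browsers ignore the header when it arrives over plain HTTP, and that includeSubDomains commits every subdomain to HTTPS for the whole max-age (15552000 seconds, 180 days). The "On RedHat" heading is also added with nothing under it, and `a2enmod` is shown without a module name; fill these in or drop the empty heading.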
Line 94: | Line 100: | ||
==Check which MPM is running ( prefork or worker) == | ==Check which MPM is running ( prefork or worker) == | ||
httpd -V | grep MPM | httpd -V | grep MPM | ||
or more modern | |||
apache2ctl -t -D DUMP_MODULES | grep mpm | |||
== NameVirtualHost *:80 has no VirtualHosts == | == NameVirtualHost *:80 has no VirtualHosts == | ||
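Review bot: The added alternative uses `apache2ctl`, while the "List active modules" entry added earlier in this revision uses `apachectl` for the same `-t -D DUMP_MODULES` dump. Use one name, or say which system each applies to. It would also help to mention that the module list is matched with lowercase `mpm`, whereas the `httpd -V` line above is matched with uppercase `MPM`.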
Line 141: | Line 148: | ||
RedirectMatch 404 /\.svn(/|$) | RedirectMatch 404 /\.svn(/|$) | ||
or | |||
<DirectoryMatch "^/.*/\.git/"> | |||
Require all denied | |||
</DirectoryMatch> | |||
== Deny access to files == | |||
<FilesMatch \.(?i:gif|jpe?g|png)$> | <FilesMatch \.(?i:gif|jpe?g|png)$> | ||
Require all denied | Require all denied | ||
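Review bot: The added `.git` block behaves differently from the `.svn` line it is offered as an alternative to. `Require all denied` answers with 403, which confirms the directory exists, while `RedirectMatch 404 /\.svn(/|$)` answers with 404. If the intent of "Hide directories" is to hide, add the matching `RedirectMatch 404 /\.git(/|$)`, or state that the two options return different status codes. The pattern `^/.*/\.git/` is also matched against filesystem paths rather than URLs, which deserves a one-line remark.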
Line 220: | Line 233: | ||
Redirect permanent / [https://foo.com https://foo.com] | Redirect permanent / [https://foo.com https://foo.com] | ||
*[https://httpd.apache.org/docs/current/rewrite/avoid.html#redirect Use redirect instead of rewrite] | |||
== debugging rewrites == | == debugging rewrites == | ||
Line 238: | Line 249: | ||
| | ||
== AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart == | |||
== server-status: ERROR 500: Internal Server Error== | |||
?? | |||
==Error messages== | |||
=== AH00162: server seems busy === | |||
maybe it's busy | |||
=== AH01630: client denied by server configuration === | |||
Probably using 2.2 config on 2.4, change | |||
Order allow,deny | |||
Allow from all | |||
to | |||
Require all granted | |||
=== AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart === | |||
Needs a real restart | Needs a real restart | ||
== | ===AH02282: No slotmem from mod_heartmonitor=== | ||
?? |
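Review bot: The AH01630 entry maps `Order allow,deny` / `Allow from all` to `Require all granted`, which is only the allow-everything case. A reader who hits AH01630 on a block that was restricted under 2.2 (for example `Deny from all`) and pastes `Require all granted` opens that location to everyone. Add the restrictive counterpart (`Require all denied`) and say to translate the existing policy rather than replace it. The "??" bodies under "server-status: ERROR 500" and AH02282 are placeholders and should be filled in or left out.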
Latest revision as of 13:55, 9 August 2024
From the Apache homepage:
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Links
Documentation | |
http://httpd.apache.org/ | Apache homepage |
http://httpd.apache.org/docs/2.2/ | 2.2 Reference |
http://httpd.apache.org/docs/2.0/ | 2.0 Reference |
http://httpd.apache.org/docs/1.3/ | 1.3 Reference |
Apache and SSL | |
Apache2, Debian and SSL | |
More Apache and SSL | |
Articles | |
vhosts explained | "Simplify Your Life with Apache Virtual Hosts" Russell Dyer 07/24/2003 |
Tools | |
http://awstats.sourceforge.net/ | Apache log analyzer |
Documentation
Virtual hosts
Application & modules
Log analyzers
Notes
- Don't use the CGI to present the data unless it is protected. It is best to use awstats_buildstaticpages.pl to build the static pages and present those. This saves resources and is more secure.
Related Items
Web-based Single Sign-On
Applications
Comparisons
- http://www.jisc.ac.uk/uploaded_documents/CMSS-Gilmore.pdf
- http://www.umich.edu/~umweb/downloads/WebSSOImplementationComparision.pdf
HOWTO
Log SSL protocols
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
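A way to use the log this CustomLog line produces, as an added example that is not part of the original page: it parses the exact field order above, counts requests per TLS protocol, and lists clients still negotiating legacy versions. The sample lines are constructed, and the set of versions treated as legacy is an assumption to adjust to local policy.

```python
import re
from collections import Counter

# Field order from the page: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<bytes>\S+)$'
)

# Assumption: protocol versions reported as legacy; adjust to local policy.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample lines (not real traffic). Apache writes a quote inside
# the request line as \" and logs "-" for any value that is not set.
SAMPLE = """\
[09/Aug/2024:13:55:01 +0200] 192.0.2.10 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 5120
[09/Aug/2024:13:55:02 +0200] 192.0.2.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /a HTTP/1.1" 312
[09/Aug/2024:13:55:03 +0200] 198.51.100.7 TLSv1 ECDHE-RSA-AES256-SHA "POST /login HTTP/1.1" 87
[09/Aug/2024:13:55:04 +0200] 198.51.100.7 TLSv1 ECDHE-RSA-AES256-SHA "GET /x \\"q\\" HTTP/1.1" -
[09/Aug/2024:13:55:05 +0200] 203.0.113.5 - - "-" -
this line is garbage
"""

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(text):
    """Count requests per protocol and collect (protocol, cipher) per legacy client."""
    protocols, legacy_clients, skipped = Counter(), {}, 0
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1  # keep count so malformed lines are not silently lost
            continue
        protocols[rec["proto"]] += 1
        if rec["proto"] in LEGACY:
            legacy_clients.setdefault(rec["host"], set()).add((rec["proto"], rec["cipher"]))
    return protocols, legacy_clients, skipped

if __name__ == "__main__":
    protocols, legacy_clients, skipped = summarize(SAMPLE)
    for proto, count in protocols.most_common():
        print(f"{proto:8} {count}")
    for host, seen in sorted(legacy_clients.items()):
        print("legacy client:", host, sorted(seen))
    print("unparsed lines:", skipped)
```

Running a report like this before removing old versions from SSLProtocol shows which clients would be cut off.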
FAQ
Modules
Enable module
On Debian
a2enmod
On RedHat
List active modules
apachectl -t -D DUMP_MODULES
Enable HSTS
a2enmod headers
and in config
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
[core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex
Check
ipcs -s
Check which MPM is running ( prefork or worker)
httpd -V | grep MPM
or more modern
apache2ctl -t -D DUMP_MODULES | grep mpm
NameVirtualHost *:80 has no VirtualHosts
This means you're using <VirtualHost *> instead of <VirtualHost *:80>, or you have multiple declarations of NameVirtualHost *:80.
Telnet session to webserver
telnet www.example.com 80
GET / HTTP/1.1
<enter>
<enter>
For a virtual host, also pass the Host header:
GET / HTTP/1.1
Host: virtual.host.com
<enter>
Apache memory usage
ps aux|grep http|awk '{sum+=$4} END {print sum}'
Authentication
Read:
- Apache Authentication in htaccess
- Password Protection with .htaccess & .htpasswd
- http://httpd.apache.org/docs/2.2/howto/auth.html
- https://httpd.apache.org/docs/2.4/howto/auth.html
In .htaccess or a <Directory> section, put:
AuthType Basic
AuthUserFile /etc/apache/htusers
Require valid-user
AuthName "Protected"
Hide directories
RedirectMatch 404 /\.svn(/|$)
or
<DirectoryMatch "^/.*/\.git/">
    Require all denied
</DirectoryMatch>
Deny access to files
<FilesMatch \.(?i:gif|jpe?g|png)$>
    Require all denied
</FilesMatch>
Strange hang and not restarting
ipcs -s|grep apache
for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;
Get core dumps
- http://wiki.apache.org/httpd/CoreDump
- /usr/share/doc/apache2.2-common/README.backtrace
In apache configuration:
CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
On FreeBSD
Set apache22limits_enable="YES" in /etc/rc.conf
In apache configuration:
CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
Other stuff to try
sysctl kern.sugid_coredump=1
sysctl kern.coredumps=1
On Debian
sysctl fs.suid_dumpable=2 ?
ulimit -c unlimited ?
Socket is not connected: core_output_filter: writing data to the network
Bug in some versions?
Connection refused: connect to listener on 0.0.0.0:80
Seems a jail problem, try setting
Listen 12.33.44.55:80
No such file or directory: Failed to enable the 'httpready' Accept Filter
In /boot/loader.conf
accf_data_load="YES"
accf_http_load="YES"
sorting apache logs
http://jehiah.cz/archive/sorting-apache-logs
unable to include potential exec
Rewriting and redirecting
http://www.aitechsolutions.net/apacheredirect.html
redirect http to https
# this usually does the trick
Redirect permanent / https://foo.com
debugging rewrites
status codes
client denied by server configuration
This comes from the Deny/Allow directives in the config.
server-status: ERROR 500: Internal Server Error
??
Error messages
AH00162: server seems busy
maybe it's busy
AH01630: client denied by server configuration
Probably using 2.2 config on 2.4, change
Order allow,deny
Allow from all
to
Require all granted
AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart
Needs a real restart
AH02282: No slotmem from mod_heartmonitor
??